path: root/modules/nixos/incus.nix
# NixOS module that turns a host into an Incus server: a NAT-ed bridge, a
# directory-backed storage pool and a default instance profile are preseeded.
{ config, lib, ... }:
let
  inherit (lib) mkDefault mkEnableOption mkIf;

  cfg = config.nixfiles.modules.incus;

  # Values that appear in more than one place below.
  stateDir = "/var/lib/incus";
  bridgeName = "incusbr0";
  poolName = "default";
in
{
  options.nixfiles.modules.incus.enable = mkEnableOption "Incus";

  config = mkIf cfg.enable {
    # Project-specific option; presumably keeps the Incus state directory
    # across reboots -- confirm against the ark module.
    ark.directories = [ stateDir ];

    virtualisation.incus.enable = true;

    # Set at mkDefault priority, so a host-level preseed definition takes
    # precedence over this one.
    virtualisation.incus.preseed = mkDefault {
      networks = [
        {
          name = bridgeName;
          type = "bridge";
          config = {
            "ipv4.address" = "10.0.30.1/24";
            "ipv4.nat" = true;
            "ipv6.address" = "fc30::1/64";
            "ipv6.nat" = true;
          };
        }
      ];

      storage_pools = [
        {
          name = poolName;
          driver = "dir";
          config = {
            source = "${stateDir}/storage-pools/${poolName}";
          };
        }
      ];

      profiles = [
        {
          name = "default";

          devices.eth0 = {
            type = "nic";
            name = "eth0";
            network = bridgeName;
          };

          # NOTE(review): with the "dir" driver the size limit is only
          # enforced when the backing filesystem supports project quotas;
          # otherwise an instance can fill the host's state directory.
          # Verify on the target hosts.
          devices.root = {
            type = "disk";
            pool = poolName;
            size = "15GiB";
            path = "/";
          };
        }
      ];
    };

    # SECURITY: a trusted interface bypasses the NixOS firewall entirely, so
    # every instance attached to the bridge can reach every service the host
    # listens on. If instances are not fully trusted, open only what the
    # bridge needs (DNS and DHCP) through
    # networking.firewall.interfaces.<name>.allowedTCPPorts/allowedUDPPorts.
    networking.firewall.trustedInterfaces = [ bridgeName ];

    # FIXME https://nixpk.gs/pr-tracker.html?pr=295364
    # systemd.services.incus.path = lib.mkForce [
    #   config.boot.zfs.package
    #   "${config.boot.zfs.package}/lib/udev"
    # ];

    # SECURITY: members of incus-admin have full control of the Incus daemon,
    # which is equivalent to root on this host. Project-specific option;
    # presumably adds the primary user to the group -- confirm which accounts
    # end up in it.
    my.extraGroups = [ "incus-admin" ];
  };
}
